Important re dropping TLS 1.0 support (Reminder: Changes to Whois-RWS and RDAP Scheduled for 12 February 2020)
NANOG Folks - If you are using programmatic interfaces over TLS 1.0 to access ARIN Whois-RWS or ARIN RDAP services, please pay particular attention to this announcement. Thanks! /John John Curran President and CEO American Registry for Internet Numbers Begin forwarded message: From: ARIN <info@arin.net<mailto:info@arin.net>> Subject: [arin-announce] Reminder: Changes to Whois-RWS and RDAP Scheduled for 12 February 2020 Date: 13 December 2019 at 12:28:44 PM CST To: <arin-announce@arin.net<mailto:arin-announce@arin.net>> As we originally announced on 15 October 2019, there will be a change made to ARIN’s Whois-RWS and RDAP services on 12 February 2020. This change may impact the way you interface programmatically with ARIN to query and retrieve information from these services. ARIN will no longer be supporting TLS 1.0 for Whois-RWS and RDAP services. There are well-known security issues with this protocol. We will continue to support TLS 1.1 and 1.2. Please make sure your client implementation will support TLS 1.1 or 1.2. Read https://datatracker.ietf.org/doc/draft-ietf-tls-oldversions-deprecate/ for further details. Because these changes will be implemented in about 60 days, we recommend that you review your clients that interface with the Whois-RWS and RDAP services, and make any required configuration or code changes in advance of this change. Both TLS 1.1 and TLS 1.2 are available now. We encourage you to make these changes so you will have no operational impact when we disable the vulnerable transport protocols. So that you can plan your upgrades accordingly, we would also like to inform you of future planned events for this service. We will be adding TLS 1.3 support to Whois-RWS and RDAP in the near future. We also anticipate announcing end-of-service support for TLS 1.1, with another corresponding 120-day warning notice. Regards, Mark Kosters Chief Technology Officer American Registry for Internet Numbers (ARIN) _______________________________________________ ARIN-Announce You are receiving this message because you are subscribed to the ARIN Announce Mailing List (ARIN-announce@arin.net<mailto:ARIN-announce@arin.net>). Unsubscribe or manage your mailing list subscription at: https://lists.arin.net/mailman/listinfo/arin-announce Please contact info@arin.net if you experience any issues.
For people running public facing httpd, it is also worth noting that the population of old browser useragents that don't understand TLS1.2 is under half of one percent. There's very little risk or impact these days to only accepting TLS1.2 in Apache2 or nginx configuration everywhere. On Fri, Dec 13, 2019 at 11:17 AM John Curran <jcurran@arin.net> wrote:
NANOG Folks -
If you are using programmatic interfaces over TLS 1.0 to access ARIN Whois-RWS or ARIN RDAP services, please pay particular attention to this announcement.
Thanks! /John
John Curran President and CEO American Registry for Internet Numbers
Begin forwarded message:
*From: *ARIN <info@arin.net> *Subject: **[arin-announce] Reminder: Changes to Whois-RWS and RDAP Scheduled for 12 February 2020* *Date: *13 December 2019 at 12:28:44 PM CST *To: *<arin-announce@arin.net>
As we originally announced on 15 October 2019, there will be a change made to ARIN’s Whois-RWS and RDAP services on 12 February 2020. This change may impact the way you interface programmatically with ARIN to query and retrieve information from these services.
ARIN will no longer be supporting TLS 1.0 for Whois-RWS and RDAP services. There are well-known security issues with this protocol. We will continue to support TLS 1.1 and 1.2. Please make sure your client implementation will support TLS 1.1 or 1.2. Read https://datatracker.ietf.org/doc/draft-ietf-tls-oldversions-deprecate/ for further details.
Because these changes will be implemented in about 60 days, we recommend that you review your clients that interface with the Whois-RWS and RDAP services, and make any required configuration or code changes in advance of this change. Both TLS 1.1 and TLS 1.2 are available now. We encourage you to make these changes so you will have no operational impact when we disable the vulnerable transport protocols.
So that you can plan your upgrades accordingly, we would also like to inform you of future planned events for this service. We will be adding TLS 1.3 support to Whois-RWS and RDAP in the near future. We also anticipate announcing end-of-service support for TLS 1.1, with another corresponding 120-day warning notice.
Regards,
Mark Kosters Chief Technology Officer
American Registry for Internet Numbers (ARIN)
_______________________________________________ ARIN-Announce You are receiving this message because you are subscribed to the ARIN Announce Mailing List (ARIN-announce@arin.net). Unsubscribe or manage your mailing list subscription at: https://lists.arin.net/mailman/listinfo/arin-announce Please contact info@arin.net if you experience any issues.
participants (2)
-
Eric Kuhnke -
John Curran